PT-2009-1575 · Unknown · Discussion Forums 2K

~!Dok_Tor!~ · Published 2009-02-10 · Updated 2017-09-29 · CVE-2008-6100

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Discussion Forums 2k version 3.3

Description

Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands. Exploitation is possible when the `magic_quotes_gpc` setting is disabled. The vulnerabilities are reachable through specific parameters in several PHP files, including the `CatID` parameter in `RSS1.php` and `RSS2.php` and the `SubID` parameter in `RSS5.php`.

Recommendations

For Discussion Forums 2k version 3.3, consider disabling the `magic_quotes_gpc` setting to prevent SQL injection attacks. Additionally, as a temporary workaround, restrict access to the vulnerable parameters `CatID` and `SubID` in the affected PHP files until a patch is available.

Exploit

Fix

SQL injection

Weakness Enumeration

Related identifiers

CVE-2008-6100

Affected products

Discussion Forums 2K